Archive for the ‘Trojans’ Category

How The Koobface Worm Gang Makes Money

December 21, 2009

Trend Micro report looks at the true motivation behind the widespread malware-laden botnet

Dec 21, 2009 | 02:51 PM
By Kelly Jackson Higgins

Chances are you know someone who has been hit by Koobface, one of the first successful social networking worms. But there are many faces to Koobface, and many ways its authors make money from it.

New research from Trend Micro details how Koobface’s creators monetize the worm through scareware or fake antivirus, click fraud, information-stealing malware, and online dating services. “Unlike in the past when we always thought of malware as one piece of malware, like Melissa or Lovebug, in today’s world Koobface is an ongoing criminal enterprise using hundreds and thousands of pieces of code,” says David Perry, global director of education for Trend Micro. “That makes it more difficult to describe to the public at large. It’s not just one file.”

Read the rest here

Zeus bot found using Amazon’s EC2 as C&C server

December 9, 2009

Zeus bot found using Amazon’s EC2 as C&C server: “

Clouds on Mount Olympus

Add Amazon’s EC2 to the roster of cloud-based services being exploited to do the bidding of malware gangs.…

(Via The Register – Security.)

Hackers cash in on Chinese gaming craze

December 3, 2009


THE craze in online games among Chinese netizens is fuelling an increasingly lucrative real-world market for computer hackers, security firms have said.

“There is a huge underground market and major revenue comes from selling game accounts or virtual items stolen from hijacked computers,” said Mr Zhang Yumu, vice-president of Beijing Rising International Software, one of China’s largest security firms.

A report by state broadcaster CCTV said Trojan-horse attacks, which allow hackers remote access to a targeted computer system, make up a market expected to be worth 10 billion yuan (S$2 billion) this year.

The report cited a hacker saying he could get hundreds of thousands of yuan every month by hacking into computers and stealing the users’ personal information and game accounts.

Read the rest (via AsiaOne News) here.

UK cybercops cuff ZeuS Trojan suspect pair

November 18, 2009

UK cybercops cuff ZeuS Trojan suspect pair: “UK cybercops cuff ZeuS Trojan suspect pair”

(Via The Register – Security.)

Opachki, from (and to) Russia with love, (Tue, Nov 3rd)

November 3, 2009

Opachki, from (and to) Russia with love, (Tue, Nov 3rd): “Opachki is a pretty interesting link hijacking trojan that has been spreading quite a bit in last co …(more)…”

(Via SANS Internet Storm Center, InfoCON: green.)

Hacked Facebook applications reach out to exploit sites in Russia

October 27, 2009

Hacked Facebook applications reach out to exploit sites in Russia: “All the social networking sites have issues with calling out to exploit pages. Usually what happens is that someone’s website gets hacked, and because they link to it from their MySpace or Facebook page, their contacts and friends sometimes get drawn to the attack sites. This is quite common, and we’ll write about it soon, but today’s story is a little different, in that these seem to be actual Facebook applications that have been hacked. (Please note that the application developer(s) are innocent victims too, and did not intend for their games to be hacked.)”

(Via AVG Blogs | Roger Thompson.)

So You’ve Fallen For the AntiVirus Scam

October 27, 2009

So You’ve Fallen For the AntiVirus Scam: “

This is pretty typical… you’ve received a really nice looking email stating that there’s a great deal on a new and more powerful anti-virus system for your PC. Who doesn’t want that, right?

This, unfortunately, is a great way to get malware on your machine. How about that… the idea that you’re trying to protect your PC leads you into a trap where you cannot get out without installing some kind of crap-ware that, at least, completely goobers up your machine.

So you’ve clicked the link. What now?


Notice… it looks like my browser has disappeared! Oh No! Well, I’d better click cancel because I don’t know what’s going on here!

Well isn’t that strange? My browser is back but it looks like some sort of regular explorer window and it’s scanning my PC. Look at all the viruses I have on my PC… right?

Well, actually I am pretty sure I don’t have any viruses. So I am going to click cancel here.

I love it when they beg! I will click OK here.

Well, how about that! It returned me back to the ‘Anti-Virus’ scanner. I guess I have no choice but to install, right? WRONG!

From the Windows Task Bar (that blue thing on the bottom), right-click with your mouse or trackpad, or whatever, and select Task Manager. This will open up a new window.

Click on the ‘End Task’ button. This will prompt you to confirm.

Go ahead and choose ‘End Now’ to kill this bad-boy.

So… you may ask, what would happen if I go ahead and install the software the way they want me to? Well, all kinds of fun stuff would happen.

First, as you can see, I now have ‘lots of viruses’ on my machine, which they promise to clean… all for only $69. And I can’t clean them or update the software without purchasing a license key. Do I dare trust these folks with my credit-card??? I think not!

Oh, how about that? They’ve changed my hosts file so that all Google sites point to some server in Poland somewhere. Hmmm… can you say ‘Bulletproof Host’?

I wonder what else they’re doing. Wanna bet there’s an infostealer and/or keystroke logger on the machine as well? Signs point to yes! As I analyze, I will fill you in.

The point here is:

1. Don’t click on everything you get in email
2. You can bail out of a hostile web session with Task Manager
3. Don’t believe everything your computer tells you
4. Don’t install software you don’t trust
5. Don’t buy something if you don’t want it
6. Not everything is as it seems
7. etc…

More next time…

(Via Scott… Sit down and shut up!.)
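
The hosts-file redirection described in the post above can be checked for directly. The following is an added example, not part of the quoted post: it parses a hosts file and reports every entry that pins a watched domain to an address. The watched-domain list and the sample file (which uses the 203.0.113.0/24 documentation range) are constructed for illustration.

```python
import ipaddress

# Assumption: domains worth watching; the post only mentions Google sites.
WATCHED_SUFFIXES = ("google.com", "google.co.uk", "googleapis.com")

# Constructed sample; 203.0.113.0/24 is a documentation range, not a real indicator.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.google.com google.com   # added by installer
203.0.113.45    WWW.Google.co.uk
10.0.0.12       intranet.example.local
0.0.0.0         ads.example.net
not-an-ip       www.google.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each well-formed hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: not a usable entry
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def is_watched(host):
    """True if host is a watched domain or one of its subdomains."""
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def find_hijacks(text):
    """Return (line_no, ip, host) for every watched name pinned in the file."""
    hits = []
    for line_no, ip, hosts in parse_hosts(text):
        for host in hosts:
            if is_watched(host):
                hits.append((line_no, str(ip), host))
    return hits

if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts.
    for line_no, ip, host in find_hijacks(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip}")
```

Any hit deserves a look, since a clean hosts file rarely carries entries for public search or webmail domains.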

“Brazil: a country rich in banking Trojans”

October 16, 2009

“Brazil: a country rich in banking Trojans”: “Anyone who has ever analyzed malware designed to steal data from online banking customers will agree that Brazil is one of the biggest sources of so-called banking Trojans.”

(Via Latest Analysis for All Threats.)